Hi,
I'm new to the Elastic Stack; I just set up a small cluster and am sending metrics with Metricbeat from a few hosts.
I'd like to create a watcher that will send an email if the disk space on a disk on a host goes below 9 GB. Then I'd like that mail to include info with hostname, diskname and how much space there was at the time the watcher was triggered.
I assume this requires a custom watcher? I started experimenting with Elasticsearch queries, trying to come up with a query that would return results as distinct hostname and drive. However, this is way above my current skill level. Could anyone help out? This is what I have at the moment, but it just returns every document where the criteria are met.
GET /metricbeat-*/_search
{
  "query": {
    "bool": {
      "must": {
        "match": {
          "system.filesystem.type": "fixed"
        }
      },
      "filter": [
        {
          "range": {
            "system.filesystem.available": { "lte": 9663676416 }
          }
        },
        {
          "range": {
            "@timestamp": {
              "from": "now-10m", "to": "now"
            }
          }
        }
      ]
    }
  }
}